Cookie Monster

Is it possible to predict cookie values?  I've got a feeling it just might be possible.

Cookie values are generated by some kind of algorithm (exactly the way encryption output is), so the less complex that algorithm (or the lower its entropy), the easier it becomes to figure out exactly how it works and to predict what comes next!

Cookie Monster will grab cookies from a host and assign each character a number.  These numbers are then used to calculate the differences between successive cookies in order to find a pattern and see whether cookie prediction is possible.

I wrote it in Python back in 2007.

Features of Cookie Monster

  • SSL Support
  • Support for Analysis of Multiple Cookies Simultaneously
  • Cookie Analysis
  • Load/Save Previously 'grabbed' Cookies ("Offline Mode")
  • 'Grab' Cookies in Real-time ("Online Mode")
  • Regular Expression Support
  • Ability to import from raw text file (and subsequent conversion)
  • Hexadecimal Support
  • Real-time Graph Plotting

What does it do?

In short, it retrieves X cookies, analyses them and attempts to find a pattern between them (in the form of a graph).

COOKIES IN --> *MAGIC* COOKIE MONSTER --> PRETTY GRAPH OUT

Let's break that down...

STEP 1: Cookie Monster visits http://www.dabs.com which has "Set-Cookie: ASP.NET_SessionId=v2ozxr55pj0god55s3udypr4" in its headers.

STEP 2: Cookie Monster looks for "Set-Cookie: WHATEVER=" via a regular expression and returns the value after the "=" (the cookie value, obviously!)  Therefore, "Set-Cookie: ASP.NET_SessionId=v2ozxr55pj0god55s3udypr4" becomes "v2ozxr55pj0god55s3udypr4".

STEP 3: Cookie Monster then converts each character in the cookie to its ASCII code - "A" becomes "65", "B" becomes "66" and so on.  Cookie Monster has hexadecimal support if the "-d" switch is used - ignore that for now as it only complicates things heh.  It then feeds this into an array (well, nested tuples in Python).

STEP 4: Another cookie is then received - "fqzvyaezad4bd0apzerh3445".  This is then converted like before - "f" becomes "102", "q" becomes "113", etc.

STEP 5: The cookie just received is then compared, character by character in the same position, to the previous one.  This is done by taking the decimal ASCII value of Cookie 1, Position 1 [C1P1] and subtracting Cookie 2, Position 1 [C2P1] from it, which gives us a value.  We then move on to Cookie 1, Position 2 [C1P2], subtract Cookie 2, Position 2 [C2P2] from it, and store the resulting value.  We will add all these values up later.  When we come across a - (minus) result, we make it a + (plus), since we are only interested in the size of the difference when we add the values up later.

You don't have to be a hardcore mathematician to do this by the way.

1st Cookie [C1]: v2ozxr55pj0god55s3udypr4
ASCII: 118, 50, 111, 122, 120, 114, 53, 53, 112, 106, 48, 103, 111, 100, 53, 53, 115, 51, 117, 100, 121, 112, 114, 52

2nd Cookie [C2]: fqzvyaezad4bd0apzerh3445
ASCII: 102, 113, 122, 118, 121, 97, 101, 122, 97, 100, 52, 98, 100, 48, 97, 112, 122, 101, 114, 104, 51, 52, 52, 53

So we take "118", subtract "102", this results in "16".  We write this down.  We take "50", subtract "113", this equals "-63" but we turn this into "+63" as we will be adding after... and so on.  We then add all the saved results up and come to a figure.

Compare:
118, 50, 111, 122, 120, 114, 53, 53, 112, 106, 48, 103, 111, 100, 53, 53, 115, 51, 117, 100, 121, 112, 114, 52
102, 113, 122, 118, 121, 97, 101, 122, 97, 100, 52, 98, 100, 48, 97, 112, 122, 101, 114, 104, 51, 52, 52, 53
16 + 63 + 11 + 4  + 1 + 17 + 48 + 69 + 15 + 6 + 4 + 5 + 11 + 52 + 44 + 59 + 7 + 50 + 3 + 4 + 70 + 60 + 62 + 1 = 682

We are then given the value of 682.  This is the total difference between the first cookie and the second - a summary if you like.

STEP 6: Plot "Summary Difference Value" on graph.

STEP 7: Repeat Step 1 - Step 6 until the N cookies requested to be 'grabbed' have been retrieved.  Each time, only the most recent cookie and the one before it are compared (character by character, in the same position).  For example, a third cookie [C3] will now be 'grabbed', converted and compared with the values of the second cookie [C2], which will produce a summary difference value.  A fourth cookie [C4] will be retrieved, converted and compared with the third cookie [C3], and so on...

STEP 8: Beautiful graph outputted.

Is there some sort of pattern in the graph?  A random cookie should have values scattered everywhere, so no pretty patterns should be visible.  A predictable cookie, one partly based on incremental values like time/day for example, will have a pretty obvious pattern... some other incremental cookie values may require a larger number of cookies before the pattern becomes apparent.
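The whole pipeline above, as an added example in Python (my own illustration written for this page, not Cookie Monster's source, which is not public): the Set-Cookie regular expression, the ASCII conversion with a hex mode standing in for the "-d" switch, the summary difference value, and two constructed generators (a zero-padded counter and a random string) to show the flat-versus-scattered contrast the graph is meant to reveal. The header lines, the generator names and the handling of unequal-length cookies are assumptions; the two sample cookies are the ones walked through above.

```python
import random
import re
import string

# STEP 2: "Set-Cookie: NAME=VALUE[; attrs]" -> VALUE (attributes after ';' are dropped).
SET_COOKIE_RE = re.compile(r"Set-Cookie:\s*[^=;]+=([^;\s]+)")

def extract_value(header_line):
    m = SET_COOKIE_RE.search(header_line)
    return m.group(1) if m else None

def to_codes(cookie, hexmode=False):
    """STEP 3: one number per character: its ASCII code, or (hex mode) the digit's value."""
    return tuple(int(ch, 16) if hexmode else ord(ch) for ch in cookie)

def summary_difference(prev, curr):
    """STEP 5: add up per-position differences, flipping negatives to positive.
    Assumption: cookies of unequal length are compared on their overlap (zip truncates)."""
    return sum(abs(a - b) for a, b in zip(prev, curr))

def analyse(cookies, hexmode=False):
    """STEPS 5-7: compare each cookie with the one grabbed just before it; returns the series to plot."""
    codes = [to_codes(c, hexmode) for c in cookies]
    return [summary_difference(codes[i - 1], codes[i]) for i in range(1, len(codes))]

def counter_cookies(start, count):
    """Constructed 'predictable' generator: a zero-padded counter (hypothetical, for the demo)."""
    return [f"{n:08d}" for n in range(start, start + count)]

def random_cookies(count, length=24, seed=None):
    """Constructed 'random' generator (seedable only so the demo is repeatable)."""
    rng = random.Random(seed)
    alphabet = string.ascii_lowercase + string.digits
    return ["".join(rng.choice(alphabet) for _ in range(length)) for _ in range(count)]

if __name__ == "__main__":
    # Constructed header lines carrying the two cookies from the walkthrough; nothing is fetched.
    headers = ["Set-Cookie: ASP.NET_SessionId=v2ozxr55pj0god55s3udypr4; path=/",
               "Set-Cookie: ASP.NET_SessionId=fqzvyaezad4bd0apzerh3445; path=/"]
    grabbed = [extract_value(h) for h in headers]
    print("worked example:", analyse(grabbed))            # [682]
    print("counter:", analyse(counter_cookies(7, 6)))      # [1, 1, 10, 1, 1]: flat, with a spike at the 09 -> 10 rollover
    print("random: ", analyse(random_cookies(6, seed=1)))  # scattered values, no pattern
```

The counter series shows why a larger sample can be needed: the per-step value is constant except at digit rollovers, and a generator that only increments one field every few seconds would look flat for a while before the pattern emerges.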

Interesting stuff eh?!

Cookie Monster is not public.
